Server-Side Request Forgery in n8n-MCP Affects Multiple Versions
CVE-2026-42449
What is CVE-2026-42449?
The n8n-MCP server, which gives AI assistants access to n8n documentation and operations, is susceptible to a Server-Side Request Forgery (SSRF) vulnerability in versions 2.47.4 through 2.47.13. The issue sits in the SDK embedder path, where the synchronous URL validator has no proper IPv6 handling: IPv4-mapped IPv6 addresses (the ::ffff: form that carries an IPv4 address in its low 32 bits) bypass the checks for cloud metadata endpoints, private IP ranges and localhost. An attacker who controls the n8nApiUrl value can therefore make the server issue requests to internal endpoints that the validator was meant to block, potentially exposing sensitive information. The forged request is sent with the x-n8n-api-key header, so the attacker can interact with internal services reachable from the n8n-MCP host.

The vulnerability is fixed in version 2.47.14. Until the upgrade is applied, validate URLs before they are used, restrict network egress from the n8n-MCP host, and do not accept user-supplied n8nApiUrl values without checking them.
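To make the bypass concrete, the following TypeScript example is added here; it is not n8n-MCP's own code, and the function names, the deny-list logic and the sample URLs are assumptions. It places a validator that only understands dotted-quad IPv4 literals (the weakness the advisory describes) next to a hardened one that expands IPv6 literals and judges IPv4-mapped and NAT64 addresses by the IPv4 address they embed. It goes slightly beyond the advisory by also showing that Node's WHATWG URL parser rewrites ::ffff:169.254.169.254 to ::ffff:a9fe:a9fe before any validator sees it, so even a plain string match on the metadata address would miss the mapped form.

```typescript
// Added example (not n8n-MCP's code): validating a user-supplied n8n API
// base URL before the server fetches it. Names and sample URLs are hypothetical.

// Parse a dotted-quad literal into four octets, or null if it is not one.
function parseIPv4(lit: string): number[] | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(lit);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// "This host", loopback, RFC 1918, CGNAT and link-local (where cloud
// metadata services such as 169.254.169.254 live).
function isBlockedIPv4(o: number[]): boolean {
  const [a, b] = o;
  return (
    a === 0 || a === 127 || a === 10 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254) ||
    (a === 100 && b >= 64 && b <= 127)
  );
}

// Weak validator of the kind the advisory describes: it only understands
// dotted-quad literals plus two fixed names, so any other IPv6 literal is
// never checked at all.
function isBlockedHostNaive(hostname: string): boolean {
  if (hostname === "localhost" || hostname === "[::1]") return true;
  const v4 = parseIPv4(hostname);
  return v4 !== null && isBlockedIPv4(v4);
}

// Expand an IPv6 literal (without brackets) into eight 16-bit groups.
// Handles "::" compression and an embedded dotted quad ("::ffff:1.2.3.4").
function parseIPv6(lit: string): number[] | null {
  let s = lit;
  const lastColon = s.lastIndexOf(":");
  const tail = s.slice(lastColon + 1);
  if (tail.indexOf(".") !== -1) {
    const v4 = parseIPv4(tail);
    if (!v4) return null;
    s = s.slice(0, lastColon + 1) +
      ((v4[0] << 8) | v4[1]).toString(16) + ":" + ((v4[2] << 8) | v4[3]).toString(16);
  }
  const halves = s.split("::");
  if (halves.length > 2) return null;
  const toGroups = (part: string): number[] | null => {
    if (part === "") return [];
    const out: number[] = [];
    for (const g of part.split(":")) {
      if (!/^[0-9a-fA-F]{1,4}$/.test(g)) return null;
      out.push(parseInt(g, 16));
    }
    return out;
  };
  const head = toGroups(halves[0]);
  const rest = toGroups(halves.length === 2 ? halves[1] : "");
  if (head === null || rest === null) return null;
  const missing = 8 - head.length - rest.length;
  if (halves.length === 2 ? missing < 1 : missing !== 0) return null;
  const groups = head.slice();
  for (let i = 0; i < missing; i++) groups.push(0);
  return groups.concat(rest);
}

// Hardened check: IPv6 literals are expanded, and an IPv4-mapped
// (::ffff:a.b.c.d) or NAT64 (64:ff9b::a.b.c.d) address is judged by the
// IPv4 it embeds, so it cannot sidestep the IPv4 deny list.
function isBlockedHost(hostname: string): boolean {
  const h = hostname.toLowerCase();
  if (h === "localhost" || /\.localhost$/.test(h)) return true;
  const v4 = parseIPv4(h);
  if (v4) return isBlockedIPv4(v4);
  if (h.charAt(0) !== "[" || h.charAt(h.length - 1) !== "]") {
    return false; // DNS name: resolve it and re-check every answer before connecting (not shown)
  }
  const v6 = parseIPv6(h.slice(1, -1));
  if (!v6) return true; // fail closed on anything we cannot parse
  const leadingZero = (n: number) => v6.slice(0, n).every((g) => g === 0);
  if (leadingZero(8)) return true;                 // ::  (unspecified)
  if (leadingZero(7) && v6[7] === 1) return true;  // ::1 (loopback)
  const embedsV4 =
    (leadingZero(5) && v6[5] === 0xffff) ||                                            // ::ffff:0:0/96
    (v6[0] === 0x64 && v6[1] === 0xff9b && v6.slice(2, 6).every((g) => g === 0));     // 64:ff9b::/96
  if (embedsV4) {
    return isBlockedIPv4([v6[6] >> 8, v6[6] & 0xff, v6[7] >> 8, v6[7] & 0xff]);
  }
  if ((v6[0] & 0xfe00) === 0xfc00) return true;    // fc00::/7 unique local
  if ((v6[0] & 0xffc0) === 0xfe80) return true;    // fe80::/10 link local
  return false;
}

// Entry point: parse with the WHATWG URL parser first so that shorthand and
// octal IPv4 spellings (0177.0.0.1) and IPv6 spellings are normalised before
// the host is inspected, then enforce scheme and host.
function validateApiUrl(raw: string): { ok: boolean; reason?: string } {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (isBlockedHost(url.hostname)) {
    return { ok: false, reason: `host ${url.hostname} is internal` };
  }
  return { ok: true };
}

// The advisory's case: a mapped metadata address passes the naive check
// (the parser has already turned it into "[::ffff:a9fe:a9fe]") but is
// rejected by the hardened one.
function demo(): { normalisedHost: string; naiveBlocked: boolean; hardenedOk: boolean } {
  const metadata = "http://[::ffff:169.254.169.254]/latest/meta-data/"; // constructed sample
  const host = new URL(metadata).hostname;
  return {
    normalisedHost: host,
    naiveBlocked: isBlockedHostNaive(host),
    hardenedOk: validateApiUrl(metadata).ok,
  };
}
```

Two caveats apply to the hardened version. Literal addresses are only half of the problem: a DNS name must be resolved and every returned address checked with the same rules, and the connection must be made to the address that was checked, or DNS rebinding reopens the hole. And because the request carries the x-n8n-api-key header, a validator is the first line, not the only one; egress restriction on the host is the backstop the advisory also recommends.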
Affected Version(s)
n8n-mcp >= 2.47.4, < 2.47.14
